CERT-In,phishing attack,CERT-In phishing attack

Alert! Massive Phishing attack starting today. Read more.

# Headlines Business Technology Tops Trending World

There is an imminent threat of a massive phishing attack in India, according to the Cert-In (Computer Emergency Research Team – India). The new phishing attack could imitate government organizations and can steal sensitive personal data and financial information.

The new advisory claims that the phishing attack, conducted by “malicious actors”, will be done in the guise of a Covid-19 related directive and it is expected to begin on 21 June. These cyber-attacks will be focused on both individuals and business organizations ranging from small to large.

“The phishing campaign is expected to use malicious emails under the pretext of local authorities in charge of dispensing government-funded Covid-19 support initiatives. Such emails are designed to drive recipients towards fake websites where they are deceived into downloading malicious files or entering personal and financial information,” CERT-In said in a statement.

CERT-In later tweeted, “…The malicious actors are claiming to have two million individual/citizen email IDs and are planning to send emails with the subject free COVID-19 testing for all residents of Delhi, Mumbai, Hyderabad, Chennai, and Ahmedabad, inciting them to provide personal information”.

It further read, “…These malicious actors are planning to spoof or create fake email IDs impersonating various authorities. The email ID expected to be used for the phishing campaign towards Indian individuals and businesses is expected to be from email such as ‘ncov2019@gov.in’ and the attack campaign is expected to start on June 21, 2020”.

The CERT-In later mentions what one is supposed to do when he/she receives an email.

• Don’t open attachments in unsolicited emails, even if they come from people in your contact list and never click on a URL contained in an unsolicited email, even if the link seems benign. If it seems a genuine URL, close the email and go to the organization’s website directly through the browser and check if such information is given there.

• Leverage Pretty Good Privacy in mail communications. Additionally, advise the users to encrypt or protect the sensitive documents stored on the internet-facing mechanics to avoid potential leakage.

• Exercise caution when opening e-mail attachments even if the attachment is expected and the sender appears to be known.

• Scan for and remove suspicious e-mail attachments; ensure the scanned attachment is its “true file type” (i.e. the extension matches the file header).

• Beware about phishing domain, spelling errors in emails, websites, and unfamiliar email senders.

• Check the integrity of URLs before providing logging credentials or clicking a link.

• Don’t submit personal information to unknown and unfamiliar websites.

• Consider using safe browsing tools, filtering tools in your anti-virus, firewall, and filtering services.

• update spam filters with the latest spam mail contents.

• Any unusual activity or attack should be reported immediately at @cert-in.org.in